Privacy Policy for Client Assessment Application

Last updated: April 3, 2025

This Privacy Policy describes how client personal and health information is collected, used, and protected when our employees use our Home Care Assessment Application (the “App”) to provide home care services.

INFORMATION WE COLLECT

Client Information

Our employees collect the following types of information about clients through the App:

  • Personal Identifiers:
    • Full name, date of birth, address, and contact information
    • Emergency contact details
    • Insurance information and policy numbers
    • Government-issued identification numbers
  • Health Information:
    • Medical history and conditions
    • Current medications and treatment plans
    • Vital signs and physical assessment findings
    • Functional abilities and limitations
    • Mental and cognitive status assessments
    • Social determinants of health
    • Care goals and preferences
  • Documentation:
    • Photos of wound care or physical conditions (when clinically necessary)
    • Progress notes and observations
    • Care plan documentation
    • Client signatures for consent forms
    • Environmental safety assessments

Employee User Information

  • Professional credentials and licensing information
  • Login/authentication data and usage patterns
  • Location data while using the App for client visits
  • Notes and assessment documentation created by the employee

HOW WE USE CLIENT INFORMATION

  • Provide appropriate and personalized home care services
  • Develop and maintain comprehensive care plans
  • Coordinate care with other healthcare providers
  • Document services provided for quality assurance
  • Process insurance claims and billing
  • Comply with healthcare regulations and reporting requirements
  • Improve our care services and clinical outcomes
  • Train and supervise healthcare staff

LEGAL BASIS FOR PROCESSING

  • Client consent, where explicitly provided
  • Necessity for the provision of healthcare services
  • Compliance with legal and regulatory obligations
  • Legitimate interests in providing quality care and maintaining accurate records

HIPAA COMPLIANCE AND DATA SECURITY

Physical Safeguards:

  • Secure facilities with restricted access to servers
  • Device security protocols for mobile devices used by authorized employees

Technical Safeguards:

  • End-to-end encryption for all data transmission
  • Strong authentication mechanisms, including multi-factor authentication
  • Automatic timeout features after periods of inactivity
  • Secure cloud storage with encryption at rest
  • Regular security updates and vulnerability testing

Administrative Safeguards:

  • Regular HIPAA training for all staff members
  • Role-based access controls limiting data access to authorized personnel
  • Audit logs of all data access and modifications
  • Comprehensive policies and procedures for data handling
  • Business Associate Agreements with all service providers

DATA RETENTION

We retain client health information in accordance with:

  • State healthcare record retention requirements
  • Medicare/Medicaid documentation requirements
  • Professional practice standards
  • Our internal record retention policy

Typically, client records are maintained for a minimum of 5 years from the last date of service or as otherwise required by applicable law.

SHARING OF INFORMATION

Client information may be shared with:

  • Healthcare Team Members: Other healthcare providers directly involved in the client’s care
  • Insurance Providers: For billing and claims processing, limited to required information
  • Regulatory Bodies: As required by law for regulatory compliance and quality monitoring
  • Business Associates: Service providers who need access to perform functions on our behalf (subject to Business Associate Agreements)

We limit sharing to the minimum necessary information required for the intended purpose.

CLIENT RIGHTS UNDER HIPAA

  • The right to access their health information
  • The right to request corrections to their records
  • The right to receive an accounting of disclosures
  • The right to request restrictions on certain uses and disclosures
  • The right to request confidential communications
  • The right to receive notification of a breach
  • The right to file a complaint regarding privacy practices

We provide clients with our Notice of Privacy Practices which details these rights and how to exercise them.

EMPLOYEE RESPONSIBILITIES

  • Access client information only when necessary for care provision
  • Maintain the confidentiality of all client information
  • Use secure, company-provided devices for accessing the App
  • Report any potential security incidents or breaches immediately
  • Comply with all company policies regarding data protection
  • Complete regular training on data privacy and security

APP FUNCTIONALITY AND SECURITY FEATURES

  • Automatic logging out after periods of inactivity
  • Secure messaging between healthcare team members
  • Restricted ability to export or print sensitive information
  • Audit trails of all data access and modifications

PHOTOGRAPHS AND MEDIA

  • Images are encrypted and stored securely within the App
  • Images are never saved to the device’s regular photo gallery
  • Access to images is restricted to authorized healthcare personnel
  • Image capture is disabled if not clinically necessary for the specific care plan

COMPLIANCE WITH APPLE DEVELOPER GUIDELINES

  • App Tracking Transparency framework implementation
  • Privacy policy accessibility within the App
  • Clear labeling of data collection practices
  • Minimization of data collection to what is necessary
  • Proper handling of authentication and authorization

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated through:

  • Notifications within the App
  • Email communications to staff users
  • Updated training materials
  • Revision of client consent forms when necessary

CONTACT INFORMATION

Email: privacy@klezafab.com
Phone: 913-800-2728
Kleza Solutions Pvt Ltd
9331 W 87th St, Overland Park,
KS 66212, United States

For HIPAA-related concerns or to report potential privacy incidents:
[HIPAA Compliance Officer]
Email: hipaa@klezafab.com
Compliance Hotline: 913-800-2729